SHA256: f4dee521502a89bcb0dbce3d894692ca9a37a3578759589d31e6fb5f154f2e7b
Name: 1
Detections: 9 / 56
Analysis date: 2017-01-26 15:44:18 UTC (1 year, 3 months ago)
Antivirus Result Update
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9993 20170125
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20161024
Sophos ML trojandropper.win32.pykspa.a 20170111
McAfee-GW-Edition BehavesLike.Win32.FakeAlertSecurityTool.fc 20170126
Qihoo-360 HEUR/QVM08.0.0000.Malware.Gen 20170126
Rising Malware.Generic!p0HmY0aLWgS@2 (thunder) 20170126
Symantec ML.Attribute.HighConfidence 20170125
TrendMicro Ransom_HPCERBER.SMEN 20170126
TrendMicro-HouseCall Ransom_HPCERBER.SMEN 20170126
Ad-Aware 20170126
AegisLab 20170126
AhnLab-V3 20170126
Alibaba 20170122
ALYac 20170125
Antiy-AVL 20170126
Arcabit 20170126
Avast 20170126
AVG 20170126
Avira (no cloud) 20170126
AVware 20170126
BitDefender 20170126
Bkav 20170123
CAT-QuickHeal 20170125
ClamAV 20170125
CMC 20170126
Comodo 20170126
Cyren 20170126
DrWeb 20170126
Emsisoft 20170126
ESET-NOD32 20170126
F-Prot 20170126
F-Secure 20170126
Fortinet 20170126
GData 20170126
Ikarus 20170126
Jiangmin 20170126
K7AntiVirus 20170126
K7GW 20170126
Kaspersky 20170126
Kingsoft 20170126
Malwarebytes 20170126
McAfee 20170126
Microsoft 20170126
eScan 20170126
NANO-Antivirus 20170126
nProtect 20170126
Panda 20170126
Sophos AV 20170126
SUPERAntiSpyware 20170126
Tencent 20170126
TheHacker 20170125
Trustlook 20170126
VBA32 20170126
VIPRE 20170126
ViRobot 20170126
WhiteArmor 20170123
Yandex 20170125
Zillya 20170126
Zoner 20170126
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-01-26 13:11:51
Entry Point 0x00008AF2
Number of sections 4
PE sections
Overlays
MD5 9e78c81c8d819309789a0eddffca3b06
File type data
Offset 327680
Size 384
Entropy 7.44
PE imports
GetLastError
HeapFree
GetStdHandle
LCMapStringW
SetHandleCount
FileTimeToSystemTime
GetFileAttributesA
GetOEMCP
LCMapStringA
HeapDestroy
ExitProcess
FlushFileBuffers
VirtualProtect
GetVersionExA
LoadLibraryA
RtlUnwind
GetModuleFileNameA
GetLocalTime
FreeEnvironmentStringsA
DeleteCriticalSection
GetStartupInfoA
GetEnvironmentStrings
GetLocaleInfoA
LocalAlloc
WideCharToMultiByte
UnhandledExceptionFilter
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
GetSystemInfo
GetCurrentThread
SetStdHandle
CompareStringW
GetCPInfo
GetStringTypeA
SetFilePointer
InterlockedExchange
SetUnhandledExceptionFilter
WriteFile
GetCurrentProcess
CompareStringA
GetSystemTimeAsFileTime
GetThreadTimes
GetACP
HeapReAlloc
GetStringTypeW
SetEnvironmentVariableA
TerminateProcess
QueryPerformanceCounter
InitializeCriticalSection
HeapCreate
VirtualQuery
VirtualFree
GetEnvironmentStringsW
GetFileType
GetTickCount
IsBadCodePtr
HeapAlloc
GetCurrentThreadId
VirtualAlloc
GetCurrentProcessId
GetModuleHandleA
CloseHandle
GetMessageA
CreateWindowExA
LoadCursorA
TranslateAcceleratorA
UpdateWindow
DispatchMessageA
EndPaint
EndDialog
BeginPaint
TranslateMessage
PostQuitMessage
DefWindowProcA
ShowWindow
RegisterClassExA
FrameRect
LoadStringA
DestroyWindow
Number of PE resources by type
RT_GROUP_CURSOR 1
RT_BITMAP 1
RT_CURSOR 1
Number of PE resources by language
ENGLISH US 2
RUSSIAN 1
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

TimeStamp
2017:01:26 14:11:51+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
53248

LinkerVersion
7.1

FileTypeExtension
exe

InitializedDataSize
315392

SubsystemVersion
4.0

EntryPoint
0x8af2

OSVersion
4.0

ImageVersion
0.0

UninitializedDataSize
0

File identification
MD5 dded0301ec3bd59f981bb364316cdb3e
SHA1 adfc65cf5cc6c3ea5954d48a79bfd67232131f9e
SHA256 f4dee521502a89bcb0dbce3d894692ca9a37a3578759589d31e6fb5f154f2e7b
ssdeep
3072:mzyABy0uTqlrEVpwKw+Z8PFJ3Z3OQIxfapNSzFSO6WfMC42d5NuIdBTHOVbgjQAM:wyYsTdwKwhZFIwpNHOt/NuIdBTc3dYOP

authentihash 963f6bb0bd3925dd68cc2e3c9cbaa35ea315554d07e35d39550caeb86b65ba89
imphash e605154ddb2f80333a35c1e883601bb1
File size 320.4 KB ( 328064 bytes )
Type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win64 Executable (generic) (64.6%)
Win32 Dynamic Link Library (generic) (15.4%)
Win32 Executable (generic) (10.5%)
Generic Win/DOS Executable (4.6%)
DOS Executable Generic (4.6%)
Tags
peexe overlay

VirusTotal metadata
First submission 2017-01-26 15:44:18 UTC (1 year, 3 months ago)
Last submission 2017-04-14 21:25:51 UTC (1 year, 1 month ago)
Names 1
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs
UDP communications